Web.Config file encrypt not working after publishing

2

I encrypted the web.config file using following code

protected void Page_Load(object sender, EventArgs e)
{
    EncriptSection("connectionStrings", "DataProtectionConfigurationProvider");
}
private void EncriptSection(string sectionName, string provider)
{
    Configuration config =
         WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
    ConfigurationSection section = config.GetSection(sectionName);
    if (section != null && !section.SectionInformation.IsProtected)
    {
        section.SectionInformation.ProtectSection(provider);
        config.Save();
    }
}

after encryption web.config file,Site is running good in local system but when i publish my site and deployed into server.

Pages are not reading the web.config file and giving error.When I decrypt the file and then publish the site into server site is running good on server.

How can i encrypt the file and run it into server.

Below is the error which i am getting now :

Runtime Error

Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.

Details: To enable the details of this specific error message to be viewable on remote machines, please create a <customErrors> tag within a web.config configuration file located in the root directory of the current web application. This <customErrors> tag should then have its mode attribute set to Off.

<!-- Web.Config Configuration File -->

<configuration>
    <system.web>
        <customErrors mode="Off"/>
    </system.web>
</configuration>

Notes: The current error page you are seeing can be replaced by a custom error page by modifying the defaultRedirect attribute of the application's <customErrors> configuration tag to point to a custom error page URL.

<!-- Web.Config Configuration File -->

<configuration>
    <system.web>
        <customErrors mode="RemoteOnly" defaultRedirect="mycustompage.htm"/>
    </system.web>
</configuration>

****AFTER WHEN I PUT**

<customErrors mode="Off"/> 

**in configuartion then get following error****

Parser Error Message: Failed to decrypt using provider 'DataProtectionConfigurationProvider'. Error message from the provider: Key not valid for use in specified state. (Exception from HRESULT: 0x8009000B)

Source Error:

Line 13:  </system.web>
Line 14:   <connectionStrings  
                 configProtectionProvider="DataProtectionConfigurationProvider">
Line 15:     <EncryptedData>
Line 16:     <CipherData>
Line 17:    <CipherValue>reertertertreterterterterterterterte
              rtertertertertert5345345345 </CipherValue>

Source File: C:\FOLDER\web.config Line: 15

c#
asp.net
encryption
configuration
web-config
asked on Stack Overflow Jan 8, 2015 by test user • edited Nov 17, 2015 by Rahul Nikate

1 Answer

4

You need to publish your application with the web.config sections decrypted because the key that is used to encrypt/decrypt is machine specific.

To encrypt the web.config sections online call the ProtectSection() method in Application_Start() of global.asax.

So ProtectSection() method will do this the first time the application starts.

answered on Stack Overflow Jan 8, 2015 by Rahul Nikate • edited Jan 8, 2015 by Rahul Nikate

User contributions licensed under CC BY-SA 3.0